class PermissionVerifier {
public:
    static bool verifyDeviceAccess(const Session& session, int deviceId) {
        if (session.role == "admin") return true;
        // 查询数据库验证设备权限
        sqlite3_stmt* stmt;
        const char* query = "SELECT user_id FROM device_permissions "
                           "WHERE device_id=? AND user_id=?";
        
        if(sqlite3_prepare_v2(Database::getInstance().getHandle(), 
                             query, -1, &stmt, nullptr) != SQLITE_OK) {
            throw std::runtime_error("Database prepare error");
        }
        sqlite3_bind_int(stmt, 1, deviceId);
        sqlite3_bind_int(stmt, 2, session.userId);
        bool hasAccess = (sqlite3_step(stmt) == SQLITE_ROW);
        sqlite3_finalize(stmt);
        
        return hasAccess;
    }
    static bool verifyLogAccess(const Session& session) {
        return session.role == "admin";
    }
    static bool verifyUserManagement(const Session& session) {
        return session.role == "admin";
    }
};